
<?php
    $user=$_POST['username'];
    $pwd=$_POST['pwd'];
   
    $dbhost="localhost";
    $dbpwd="root";
    $dbuser="root";
    $conn=mysqli_connect($dbhost,$dbuser,$dbpwd,"bbs");
    if(!$conn){
        die('数据库链接失败!');
    }
    $flag=true;
    if(!empty($_POST))
    {
        if(!preg_match('/^[0-9]{11}$/',$user)){
            echo '<script>alert("账号必须是11位纯数字！");window.location.href="../html/login.html";</script>';
            die;
        }else if(!preg_match('/^[0-9a-zA-Z]{8,14}$/',$pwd)){
            echo '<script>alert("密码必须是8-14位纯数字或纯字母或数字+字母的组合！");window.location.href="../html/login.html";</script>';
            die;
        }
        $sql="SELECT id,account,pwd FROM user WHERE account='$user' AND pwd='$pwd'";
        $retval = mysqli_query( $conn, $sql );
        
        $res=mysqli_fetch_row($retval);
        // echo $res;
        // $length=count($res);
        // echo $length;
        
        if(!$res){
            $flag=false;
            echo '<script>alert("账号或密码不正确！");window.location.href="../html/login.html";</script>';
            die;
        }else{
            $flag=true;
            $conn=mysqli_connect("localhost","root","root","bbs");
            $sql="SELECT id,account,pwd,ustatus FROM user WHERE account='$user' AND pwd='$pwd'";
            $retval = mysqli_query( $conn, $sql );
            $arr=mysqli_fetch_assoc($retval);
            $id=json_encode($arr['id']);
            $ustatus=json_encode($arr['ustatus']);
        }
        if($flag){
            echo "<script>window.location.href=`../html/index.html?id=$id&ustatus=$ustatus#1`;</script>";
            //网页跳转到首页并发送哈希值
        }
    }

?>